
PyBurp

PyBurp is a Burp Suite extension that provides predefined Python functions for HTTP/WebSocket traffic modification, context menu registration, Intruder payload processing, passive/active scanning, and Collaborator interaction. You can also directly access Montoya API in your Python scripts.

Install / Use

/learn @cyal1/PyBurp

README

PyBurp

Chinese version

Key Features

  • Dynamic modification of HTTP and WebSocket traffic, especially for encrypted communications
  • Complex nested JSON, XML, and Form/QueryString transformations
  • Powerful parameter fuzzing and testing
  • Remote method invocation through Chrome DevTools Protocol and gRPC

For more features, see the Examples section below.

Video Tutorials

Installation

Download from the Release page or install directly from the BApp Store, then open PyBurp from the top menu bar.

<img src="images/pyburp.png"/>

Usage Guide

Build

./gradlew clean shadowJar 

Predefined Functions

PyBurp provides several predefined functions that automatically register corresponding functionality in Burp Suite when defined in your script. Here's a detailed list:

| Function Name | Description |
|---------------|-------------|
| handleRequest(request: HttpRequest, annotations: Annotations) | Processes requests between Burp Suite and the server |
| handleResponse(response: HttpResponse, annotations: Annotations) | Processes responses between Burp Suite and the server |
| handleProxyRequest(request: HttpRequest, annotations: Annotations) | Processes requests between the client and Burp Suite |
| handleProxyResponse(response: HttpResponse, annotations: Annotations) | Processes responses between the client and Burp Suite |
| urlPrefixAllowed(urls) | Sets allowed URL prefixes for the current PyBurp tab |
| registerContextMenu(menus) | Registers custom context menu items |
| processPayload(str) | Registers a custom Intruder payload processor |
| handleInteraction(interaction: Interaction) | Polls the Collaborator server |
| passiveAudit(baseRequestResponse: HttpRequestResponse) | Performs passive scanning |
| activeAudit(baseRequestResponse: HttpRequestResponse, auditInsertionPoint: AuditInsertionPoint) | Performs active scanning |
| handleWsTextMsg(message: TextMessage) | Processes text WebSocket messages |
| handleWsBinMsg(message: BinaryMessage) | Processes binary WebSocket messages |
| handleProxyWsTextMsg(message: InterceptedTextMessage) | Processes text WebSocket messages in the proxy |
| handleProxyWsBinMsg(message: InterceptedBinaryMessage) | Processes binary WebSocket messages in the proxy |
| finish() | Called when the script is stopped |
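The following script shows how the handleRequest/handleResponse pair from the table is typically used for the "encrypted communications" and "nested JSON transformation" features: outbound requests get their string leaves re-encoded and a body signature header recomputed, inbound responses get their leaves decoded so the tester reads plaintext in Burp. This is an added example, not a script from the PyBurp repository. It assumes (not confirmed by this README) that PyBurp passes Montoya HttpRequest/HttpResponse and Annotations objects and that a returned message replaces the original; the Montoya methods used (bodyToString, hasHeader, withBody, withUpdatedHeader, withAddedHeader, Annotations.setNotes) are taken from the public Montoya API. The base64 "encryption", the signing key and the FakeMessage/FakeAnnotations stand-ins are constructed for the demo.

```python
# Added example for the predefined-function contract; not code from PyBurp.
# Assumptions not confirmed by the README: PyBurp invokes handleRequest and
# handleResponse with Montoya HttpRequest/HttpResponse objects and a returned
# message replaces the original one.
import base64
import binascii
import hashlib
import hmac
import json

# Constructed demo secret; a real script would load the target's actual key.
SIGNING_KEY = b"demo-signing-key"
SIGNATURE_HEADER = "X-Body-Signature"


def transform_leaves(node, fn):
    """Recursively apply fn to every string leaf of a nested JSON value,
    leaving numbers, booleans and nulls untouched."""
    if isinstance(node, dict):
        return {k: transform_leaves(v, fn) for k, v in node.items()}
    if isinstance(node, list):
        return [transform_leaves(v, fn) for v in node]
    if isinstance(node, str):
        return fn(node)
    return node


def encode_leaf(text):
    # Stand-in for the application's real field encryption (constructed).
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def decode_leaf(text):
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return text  # not an encoded leaf: leave it as the server sent it


def sign_body(body):
    """HMAC-SHA256 over the exact body bytes that will be sent."""
    return hmac.new(SIGNING_KEY, body.encode("utf-8"), hashlib.sha256).hexdigest()


def set_header(message, name, value):
    # withUpdatedHeader replaces an existing header; withAddedHeader appends one.
    if message.hasHeader(name):
        return message.withUpdatedHeader(name, value)
    return message.withAddedHeader(name, value)


def handleRequest(request, annotations):
    """Outbound: re-encode the plaintext JSON the tester edited in Burp and
    refresh the body signature so the server still accepts the request."""
    try:
        plain = json.loads(request.bodyToString())
    except ValueError:
        return request  # not JSON: pass through unchanged
    encoded = json.dumps(transform_leaves(plain, encode_leaf), separators=(",", ":"))
    request = set_header(request.withBody(encoded), SIGNATURE_HEADER, sign_body(encoded))
    annotations.setNotes("PyBurp: leaves re-encoded, signature refreshed")
    return request


def handleResponse(response, annotations):
    """Inbound: decode encoded leaves so the tester reads plaintext in Burp."""
    try:
        decoded = transform_leaves(json.loads(response.bodyToString()), decode_leaf)
    except ValueError:
        return response  # not JSON: pass through unchanged
    return response.withBody(json.dumps(decoded))


class FakeMessage:
    """Constructed stand-in for a Montoya HttpRequest/HttpResponse so the
    handlers can be exercised outside Burp; not part of the Montoya API."""

    def __init__(self, body, headers=None):
        self.body = body
        self.headers = dict(headers or {})

    def bodyToString(self):
        return self.body

    def hasHeader(self, name):
        return name in self.headers

    def withBody(self, body):
        return FakeMessage(body, self.headers)

    def withUpdatedHeader(self, name, value):
        return FakeMessage(self.body, {**self.headers, name: value})

    withAddedHeader = withUpdatedHeader


class FakeAnnotations:
    """Constructed stand-in for Montoya Annotations (offline use only)."""

    def __init__(self):
        self.notes = None

    def setNotes(self, notes):
        self.notes = notes
```

Inside Burp the two stand-in classes are never instantiated; PyBurp supplies the real objects. Signing after the body is re-encoded matters: the signature must cover the bytes that actually leave Burp, not the plaintext the tester edited.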

Examples

PyBurp includes a variety of example scripts to demonstrate its capabilities:

| File | Description |
|------|-------------|
| randomplz_match_and_replace.py | Match and replace a defined string with a blind XSS payload including a random string for xsshunter-go payload source correlation |
| env_init.py | Automatically runs before each user script execution, providing common classes and methods |
| bambdas.py | Quick information extraction from Proxy history |
| chrome_devtools_protocol.py | Remote Chrome DevTools method invocation |
| collaborator.py | Collaborator usage example |
| customise_context_menu.py | Context menu registration examples |
| default.py | Basic request/response modification demo |
| encryptedCompleteBody.py | Complete HTTP body encryption handling |
| encryptedCompleteBodyAes.py | AES encryption for complete HTTP body |
| encryptedJsonParam.py | JSON parameter encryption handling |
| encryptedJsonParamRpc.py | JSON parameter encryption with RPC |
| encryptedQueryForm.py | Query String encryption handling |
| fuzz_params.py | Comprehensive parameter fuzzing |
| highlight_interesting_http.py | HTTP request/response highlighting |
| passive_active_scan.py | Active and passive scanning examples |
| process_intruder_payload.py | Custom Intruder payload processing |
| race_condition.py | Race condition testing |
| rpc_debug.py | RPC testing |
| save_subdomain_to_sqlite.py | Subdomain collection from Proxy history |
| signatureHeader.py | Header signature handling |
| traffic_redirector.py | HTTP request redirection |
| urls_from_file.py | Multi-threaded URL request processing |
| urls_from_file2.py | Thread pool-based URL request processing |
| websocket.py | WebSocket message handling and modification |
| use_pip2_packages.py | Third-party package usage examples |

Quick Start

Context Menu Registration

To register context menu items, define a registerContextMenu function that takes a menu collection as a parameter. The register method accepts three parameters: menu name, associated function name, and menu type (MenuType). The menu type determines when and where the menu item appears, and what data is passed to the associated function.

Available menu types:

  • CARET: Menu appears at cursor position in Repeater tool, returns a string to insert at the cursor
  • SELECTED_TEXT: Menu appears when text is selected, processes the selected text and can modify it
  • REQUEST: Menu appears only in request context, receives the current HttpRequest as parameter
  • REQUEST_RESPONSE: Menu appears only when both request and response are available, receives [HttpRequestResponse](https://portswigger.github.io/burp-e
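A script that registers two of the menu types just listed, as an added example rather than the repository's customise_context_menu.py: a CARET item that inserts a random tag at the cursor (handy for recognising a request later in Proxy history or Collaborator output) and a SELECTED_TEXT item that URL-decodes, base64-unwraps and pretty-prints a selected value in place. It assumes (not confirmed by this README) that register(name, function_name, menu_type) takes the handler's name as a string, that MenuType is provided to scripts by PyBurp (env_init.py), that a CARET handler's return value is inserted at the cursor, and that a SELECTED_TEXT handler receives the selection and returns its replacement. The MenuType fallback and MenuRecorder class are constructed so the script also runs outside Burp.

```python
# Added example for context menu registration; not code from PyBurp.
# Assumptions not confirmed by the README are described in the lead-in.
import base64
import binascii
import json
import secrets
from enum import Enum
from urllib.parse import unquote

try:
    MenuType  # assumed to be injected by PyBurp when the script runs inside Burp
except NameError:
    class MenuType(Enum):
        """Constructed stand-in carrying the four menu types listed above;
        only used when the script is run outside Burp."""
        CARET = "CARET"
        SELECTED_TEXT = "SELECTED_TEXT"
        REQUEST = "REQUEST"
        REQUEST_RESPONSE = "REQUEST_RESPONSE"


def insert_correlation_id():
    """CARET handler: return a fresh random tag to insert at the cursor so the
    request can be picked out again in Proxy history or Collaborator output."""
    return "pyburp-" + secrets.token_hex(8)


def decode_selection(selected):
    """SELECTED_TEXT handler: URL-decode the selection, unwrap base64 and
    pretty-print JSON where those apply, and return the result as the
    replacement text. Anything that is not encoded comes back unchanged."""
    text = unquote(selected.strip())
    try:
        # validate=True rejects anything outside the base64 alphabet, so
        # ordinary words are not mangled by a lucky partial decode.
        text = base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        pass
    try:
        return json.dumps(json.loads(text), indent=2, sort_keys=True)
    except ValueError:
        return text


def registerContextMenu(menus):
    """Called by PyBurp when the script starts (assumed contract)."""
    menus.register("Insert correlation id", "insert_correlation_id", MenuType.CARET)
    menus.register("Decode selection", "decode_selection", MenuType.SELECTED_TEXT)


class MenuRecorder:
    """Constructed stand-in for PyBurp's menu collection (offline use only):
    records what the script would register."""

    def __init__(self):
        self.entries = []

    def register(self, name, function_name, menu_type):
        self.entries.append((name, function_name, menu_type))
```

Because registerContextMenu is a predefined function name, PyBurp picks it up automatically when the script is loaded; nothing else in the script needs to call it.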

GitHub Stars: 38
Category: Data
Updated: 1 month ago
Forks: 12

Languages

Java

Security Score

80/100

Audited on Feb 6, 2026

No findings